Bug Bounty
-
CVE-2024-7773/CVE-2024-45436 in Ollama
Bug Bounty 2024. 10. 8. 00:13
Remote Code Execution via Zipslip
https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb
zipslip -> create /etc/ld.so.preload/vuln.so -> generate new process -> sprintf() hooked -> RCE
Things got oddly tangled, so two CVEs were issued for the same vulnerability..
-
CVE-2023-50718 in nocoDB
Bug Bounty 2024. 5. 14. 01:33
https://github.com/nocodb/nocodb/security/advisories/GHSA-8fxg-mr34-jqr8
Improper Neutralization of Special Elements used in an SQL Command
Summary: An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name.
Details: SQL Injection vulnerability occu...
https://github.com/nocodb/nocodb
-
CVE-2023-50717 in nocoDB
Bug Bounty 2024. 5. 14. 01:31
https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh
Allow Preview of File with Dangerous Content
Summary: Attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a Stored XSS (Cross-Site Script) attack....
https://github.com/nocodb/nocodb